package internal
import (
	"context"
	"errors"
	"fmt"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
	"github.com/aws/aws-sdk-go-v2/service/sts"
	"github.com/rs/zerolog"
)
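// GetAWSIdentity returns the STS caller identity (ARN, user ID and account)
// for the credentials resolved by the default AWS config chain.
//
// The function has no error return, so any failure to load the config or to
// call GetCallerIdentity terminates the process through logger.Fatal. Callers
// that need to recover from a failure should use GetAWSIdentityWithAssumeRole
// or make the SDK call themselves. logger must be non-nil.
func GetAWSIdentity(logger *zerolog.Logger) (Arn, UserId, Account string) {
	cfg, err := config.LoadDefaultConfig(context.TODO())
	if err != nil {
		// zerolog only writes the event (and exits on Fatal) when Msg is
		// called; without it the failure would be dropped silently.
		logger.Fatal().Err(err).Msg("configuration error")
	}

	client := sts.NewFromConfig(cfg)
	p, err := client.GetCallerIdentity(context.TODO(), &sts.GetCallerIdentityInput{})
	if err != nil {
		// Must terminate here: the response would be nil and dereferenced below.
		logger.Fatal().Err(err).Msg("unable to get caller identity")
	}

	// aws.ToString yields "" for a nil field instead of panicking.
	return aws.ToString(p.Arn), aws.ToString(p.UserId), aws.ToString(p.Account)
}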
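// GetAssumeRoleCreds builds an STS AssumeRole credentials provider for
// assumeRoleARN on top of the default AWS config chain.
//
// Failures are returned to the caller rather than logged here, so the error
// is handled at exactly one layer (the previous Fatal event never called Msg,
// so it neither logged nor exited). The logger parameter is kept for
// signature compatibility and is currently unused.
func GetAssumeRoleCreds(assumeRoleARN string, logger *zerolog.Logger) (*stscreds.AssumeRoleProvider, error) {
	if assumeRoleARN == "" {
		// Fail early: an empty ARN would only surface as an STS error on the
		// first Retrieve, far from the call that supplied it.
		return nil, errors.New("assume role ARN must not be empty")
	}

	cfg, err := config.LoadDefaultConfig(context.TODO())
	if err != nil {
		return nil, fmt.Errorf("loading default AWS config: %w", err)
	}

	// sts.NewFromConfig does not return an error, so there is nothing to
	// check between construction and use.
	stsSvc := sts.NewFromConfig(cfg)
	return stscreds.NewAssumeRoleProvider(stsSvc, assumeRoleARN), nil
}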
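// GetAWSIdentityWithAssumeRole assumes the role assumeRole through STS and
// returns the ARN that GetCallerIdentity reports for the assumed-role
// credentials.
//
// Every failure is logged at Error level and returned wrapped with context;
// the caller decides whether the process exits. (The previous version called
// logger.Fatal before its error returns, which exited the process and made
// the returns unreachable.) logger must be non-nil.
func GetAWSIdentityWithAssumeRole(assumeRole string, logger *zerolog.Logger) (string, error) {
	cfg, err := config.LoadDefaultConfig(context.TODO())
	if err != nil {
		logger.Error().Err(err).Msg("Unable to load default config")
		return "", fmt.Errorf("loading default AWS config: %w", err)
	}

	logger.Info().Msg("getting the assume role credentials")
	creds, err := GetAssumeRoleCreds(assumeRole, logger)
	if err != nil {
		logger.Error().Err(err).Msg("Unable to get assume role credentials")
		return "", fmt.Errorf("getting assume role credentials for %q: %w", assumeRole, err)
	}

	// Wrap the provider in the SDK cache so the temporary credentials are
	// reused across calls instead of calling AssumeRole every time.
	cfg.Credentials = aws.NewCredentialsCache(creds)

	logger.Info().Msg("creating a client with the assume role credentials")
	svc := sts.NewFromConfig(cfg)

	logger.Info().Msg("using the assume role credentials to run get caller identity")
	p, err := svc.GetCallerIdentity(context.TODO(), &sts.GetCallerIdentityInput{})
	if err != nil {
		logger.Error().Err(err).Msg("Unable to get caller identity")
		return "", fmt.Errorf("getting caller identity with assumed role %q: %w", assumeRole, err)
	}

	// aws.ToString yields "" for a nil field instead of panicking.
	return aws.ToString(p.Arn), nil
}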